Fix wiping sensitive info in INSERT INTO FUNCTION.

2024-11-10 01:25:21 +00:00 · 2023-01-25 01:26:44 +01:00 · 2023-01-25 01:26:44 +01:00 · 9014023625
commit 9014023625
parent 59528cfca0
2 changed files with 50 additions and 3 deletions
--- a/src/Parsers/ParserInsertQuery.cpp
+++ b/src/Parsers/ParserInsertQuery.cpp
@ -256,14 +256,23 @@ bool ParserInsertQuery::parseImpl(Pos & pos, ASTPtr & node, Expected & expected)
    if (infile)
    {
        query->infile = infile;
+        query->compression = compression;
+
+        if (infile)
+            query->children.push_back(infile);
        if (compression)
-            query->compression = compression;
+            query->children.push_back(compression);
    }

    if (table_function)
    {
        query->table_function = table_function;
        query->partition_by = partition_by_expr;
+
+        if (table_function)
+            query->children.push_back(table_function);
+        if (partition_by_expr)
+            query->children.push_back(partition_by_expr);
    }
    else
    {
--- a/tests/integration/test_mask_sensitive_info/test.py
+++ b/tests/integration/test_mask_sensitive_info/test.py
@ -21,11 +21,21 @@ def check_logs(must_contain=[], must_not_contain=[]):
    node.query("SYSTEM FLUSH LOGS")

    for str in must_contain:
-        escaped_str = str.replace("`", "\\`").replace("[", "\\[").replace("]", "\\]")
+        escaped_str = (
+            str.replace("`", "\\`")
+            .replace("[", "\\[")
+            .replace("]", "\\]")
+            .replace("*", "\\*")
+        )
        assert node.contains_in_log(escaped_str)

    for str in must_not_contain:
-        escaped_str = str.replace("`", "\\`").replace("[", "\\[").replace("]", "\\]")
+        escaped_str = (
+            str.replace("`", "\\`")
+            .replace("[", "\\[")
+            .replace("]", "\\]")
+            .replace("*", "\\*")
+        )
        assert not node.contains_in_log(escaped_str)

    for str in must_contain:
@ -257,6 +267,34 @@ def test_table_functions():
        node.query(f"DROP TABLE tablefunc{i}")


+def test_table_function_ways_to_call():
+    password = new_password()
+
+    table_function = f"s3('http://minio1:9001/root/data/testfuncw.tsv.gz', 'minio', '{password}', 'TSV', 'x int')"
+
+    queries = [
+        "CREATE TABLE tablefuncw (`x` int) AS {}",
+        "INSERT INTO FUNCTION {} SELECT * FROM numbers(10)",
+        "DESCRIBE TABLE {}",
+    ]
+
+    for query in queries:
+        # query_and_get_answer_with_error() is used here because we don't want to stop on error "Cannot connect to AWS".
+        # We test logging here and not actual work with AWS server.
+        node.query_and_get_answer_with_error(query.format(table_function))
+
+    table_function_with_hidden_arg = "s3('http://minio1:9001/root/data/testfuncw.tsv.gz', 'minio', '[HIDDEN]', 'TSV', 'x int')"
+
+    check_logs(
+        must_contain=[
+            query.format(table_function_with_hidden_arg) for query in queries
+        ],
+        must_not_contain=[password],
+    )
+
+    node.query("DROP TABLE tablefuncw")
+
+
 def test_encryption_functions():
    plaintext = new_password()
    cipher = new_password()